|Title of Invention||
A METHOD OF REVOKING RIGHTS OF ACCESS TO AN AUDIO VISUAL PROGRAM
|Abstract||The invention concerns a method for revoking access rights to an audio-visual programme received by a decoder (11) comprising the following steps: transmitting first messages (ECM) containing encrypted control words, each control word (CW) being used to descramble for a given time period the audiovisual signal received, second messages (EMM) comprising each data allocating user rights; decrypting in the decoder, or a portable object associated therewith, the first messages to produce control words (CW) for descrambling said audiovisual signal received by the decoder (11), transmitting third hybrid messages resulting each from the combination of at least one encrypted control word (CW), a decoder address and a right revoking information.|
PAY TELEVISION SYSTEM, METHOD FOR REVOKING RIGHTS IN
SUCH A SYSTEM, ASSOCIATED DECODER AND SMART CARD, AND
MESSAGE TRANSMITTED TO SUCH A DECODER
FIELD OF THE INVENTION
The present invention relates to a pay television system, a method of revoking rights in such a system, an associated decoder and smart card, and a message transmitted to such a decoder. In such pay television systems, two well-known modes of distributing audiovisual programs may exist either separately or jointly.
A first mode requires subscription and/or payment as a prerequisite for unencoded access to the audiovisual programs. In this case, the subscriber must subscribe and pay periodically, for example every month, a subscription fee to access the audiovisual programs broadcast on one or more channels.
A second mode calls upon the offering of temporary descrambled previewing before subscription or payment. In this case, the subscriber is informed, for example by a message on his screen, that access free of charge and unencoded (that is to say descrambled) to a current or forthcoming program is accorded to him for previewing purposes, or the subscriber requests this access. The subscriber can thus temporarily view a program unencoded on a given channel for a time of relatively short duration. If the subscriber wishes to continue to view the program, he must, before the expiry of this time, perform a payment transaction, by modem for example, according to a so-called Pay-Per-View scheme or Impulsive Pay-Per-View scheme for example, according to mechanisms known to persons skilled in the art. If this transaction is not carried out before the expiry of the time, then unencoded free
access to the program is interrupted and the program then appears scrambled on the television screen of the subscriber.
The invention applies in particular to the aforesaid two modes, but is more particularly described within the framework of this second mode.
In the present patent application, the terms audiovisual program designate any video and/or audio program.
STATE OF THE PRIOR ART
The techniques used in pay television are based on two independent mechanisms: on the one hand on a scrambling/ encryption of the video and/or audio program (or programs) , on the other hand on a function for allocating commercial rights that are transmitted as secure messages to the descrambling box or to the decoder (with control access). The scrambling/ encryption may be applied easily to a digital bit stream. All the bits may be scrambled/encrypted using for example a blockwise cipher. Scrambling is used for analog transmissions. By using such scrambling the format of the signal is changed, the synchronization signals are suppressed and sent separately in encrypted form. The audio signal may be converted into a digital signal then encrypted. The encrypted digital audio signal may be inserted into the video signal.
The audiovisual program transmitted is scrambled, or encrypted, using keys, which scrambled or encrypted audiovisual program may be descrambled or decrypted only by using equivalents of these keys, called control words (CW) . In symmetric encryption mode, the encrypt ion/scrambling keys are equal to the control words. In asymmetric encryption mode, the encryption/
scrambling keys are different from the control words. For each given audiovisual program, the control word values transmitted to the decoders change periodically at a relatively high frequency, for example of the order of a second. To allow the decryption on reception of the audiovisual program, rights allocation control messages ECM ("Entitlement Control Messages") and rights allocation management messages EMM ("Entitlement Management Messages") are transmitted to the decoders.
These two types of messages ECM and EMM may be dispatched, through the decoder, to a smart card or any portable object, such as a PCMCIA card, a smart key ..., which in particular provides for the functions of decryption and storage of user rights. In the present description the term card designates any portable object operating in conjunction with the decoder.
The ECM messages contain encrypted control words, the control words allowing the decoder to descramble/ decrypt an audiovisual program. The ECM messages are transmitted to the card which decrypts the encrypted control words and dispatches these control words CW to the decoder. The card carries out the operation of decrypting the encrypted control words only if the user is authorized to access the current television program. For this purpose the card stores in an area of its memory the rights allocated to the user concerned. Thus, when a user is associated by subscription with a smart card, the access authorization is indicated by rights allocation data ("entitlement data") stored in the card.
The EMM messages contain cues which make it possible to I update the user's rights allocation data, for example by modifying the data stored in the card. In the case of an offer of temporary descrambled previewing and according to the prior art, a first EMM message is
dispatched to the decoder to temporarily offer the subscriber the rights required to access a program on a given channel. Failing any transaction of payment received by the Operator's rights management system, another EMM message is dispatched so as to revoke these same rights.
The ECM and EMM messages have a digital signature field which ensures the integrity of the message (for example a hash code). This makes it possible to detect any malevolent or accidental corruption of the contents of the messages.
An ECM message is emitted with the scrambled signal transmitted. It comprises three fields. The first field contains certain access parameters. These parameters define the conditions under which access to a television program is allowed. This field permits, for example, parental assessment (an additional pin code is then required by the decoder) and geographical blackout (a film may not be available in every European country). The second field contains a control word in encrypted form. The last field contains data integrity control cues for the ECM message concerned.
An EMM message typically comprises four fields. Each EMM message begins with an address field for selecting an individual decoder. There are two modes of addressing, one for an individual decoder and the other for a group of decoders. The second field contains an allocation of rights for a given user. The third field contains an operating key in encrypted form. The last field contains data integrity control cues for the EMM message concerned. The EMM messages may also be used to dispatch a command to the decoder. The emission of EMM messages is generally the result of an action (subscription) or of a default of action (nonpayment in "pay with temporary descrambled previewing" mode) of
the user to the Operator. These messages are in general individual. Their content is interpreted by a decoder (or the associated card) or by a limited number of the decoders for which these particular rights are relevant. The EMM messages are not emitted synchronously with the television program to which they apply. They are transmitted in advance so as to allow an authorized user access to a given program. Any network may be used to transmit these EMM messages to the receiver: modem, mail or radio broadcasting.
To be certain that an EMM message has been received by the user, to renew a subscription for example, the latter is dispatched several times. The EMM messages are thus organized cyclically according to a given period for the emission. The duration of such a period defines the maximum waiting time to obtain an allocation of right for a user who has switched off his decoder for a long duration.
Thus represented in figure 1 are a scrambler 10, a descrambler 11 typically integrated with a decoder (not represented), a smart card 12 and ECM and EMM messages. The smart card 12 stores in particular:
a card address, which is fixed,
at least one operating key sk, which is updated periodically by EMM,
a unique key Q, which is fixed.
As mentioned previously, an ECM message contains three fields containing respectively:
the access parameters,
a control word encrypted by an operating key, denoted ESKCW) ,
a data integrity control field (hash code) for the ECM message considered.
An EMM message contains four fields containing respectively:
the user's rights,
an encrypted operating key, denoted sk:EQ(sk),
a data integrity control word (hash code) for the EMM message considered.
The successive control words CW are dispatched to the scrambler 10 and in parallel to the decoder so as to allow respectively the scrambling and/or encryption and the descrambling and/or decryption of the data transmitted.
Thus the video and/or audio signals may be scrambled using successive control words (CW). Periodically (for example every ten seconds) an ECM message is emitted with the scrambled signal. These ECM messages contain the control words encrypted by the currently valid operating key sk and transmitted by EMM message so as to be stored in the decoder or the card (for example smart card or PCMCIA card) which is associated with the decoder furnished with a card reader.
The operating keys sk are updated less frequently by EMM messages, for example every month. The operating keys sk are encrypted with one or more individual unique keys Q which are stored in a safe manner in the smart card or the decoder.
A security problem may arise in pay television systems operating according to one of the two modes presented at the beginning of the description. Specifically the revoking of the rights of subscription to a program, or the revoking of the subscriber rights, is done according to the prior technique by dispatching an EMM subscriber message (of individual EMM or unique EMM message type). A pirate (or "hacker") may wish to
profit from such a manner of operation so as to prevent such a revocation from being effective after a subscript ion has been taken out or a temporary descrambled previewing has been offered to the subscriber by the dispatching of a rights allocation EMM message. The pirate may therefore develop a technique intended to distinguish the ECM messages from the EMM messages. He can then identify and suppress by filtering EMM messages, using "blockers". Such a technique consists, for example in MPEG ("Moving Picture Expert Group") digital technology, in modifying the filtering parameters of the MPEG filters so as not to receive EMM messages until an EMM message has been received by a decoder and until the user rights have been received by the decoder (or the card associated therewith) via an EMM message. The pirate can thus for example filter and reject all the EMM messages once a card has been authorized to descramble a given program made accessible in temporary descrambled previewing mode, by virtue of the prior dispatching of appropriate EMM messages. The suppressing of subsequent EMM messages, after access to one or more programs has been authorized, prevents modification of the state of authori zat ion.
The authori zat ion data thus cannot be modi fied, and unauthorized access to all the programs conveyed on the temporary descrambled previewing channel is thus obtained for a duration equal to the duration of validity of the operating keys stored in the card before filtering of the EMM messages.
To solve this problem, patent US 5461675, which describes an access control method, makes provision for a time period during which the smart card must receive at least one EMM message, dedicated or otherwise to the card. If this requirement is not satisfied, the smart
card does not provide the correct information for descrambling the audiovisual program.
The object of the invention is to solve the above-mentioned problem with a solut ion distinct from that described in patent US 5461675 while limiting the bandwidth required for the dispatching of the messages.
DESCRIPTION OF THE INVENTION
The present invention therefore proposes a method of revoking rights of access to an audiovisual program received by a decoder comprising steps:
of emission of two types of messages to the decoder, first messages containing encrypted control words, each control word being used to descramble during a given time period the audiovisual signal received, second messages each comprising user rights allocation cues,
of decryption in the decoder, or in a portable object associated therewith, of the first messages so as to produce control words for the descrambling of said audiovisual signal received by the decoder if the user is authorized to access the cues contained therein,
characterized by the emission of third hybrid messages each resulting from the combination of at least one encrypted control word, of a decoder address and of a rights revocation cue.
The use of the hybrid messages (E3M) to invalidate the subscription rights or the subscriber rights makes it possible to guarantee that the revocation will be received (since without hybrid message received there is no television viewing possible) and therefore dispenses with the type of system piracy alluded to above.
The method of the invention also makes it possible to reduce the quantity of messages dispatched. It is, in fact, no longer necessary to dispatch rights allocation management messages (EMM) to suppress an offer for a subscriber. It is possible to do it directly by using a hybrid message E3M. Beyond the subscription offers themselves, it is possible to erase subscriptions (keys, date of obsolescence, group) for a termination of subscription. Advantageously, in a hybrid message, the control word is encrypted by a different operating key from the unique key used to encrypt the decoder address and the rights revocation cue. Advantageously, an asymmetric cryptography may be used.
The invention also relates to a pay television system comprising a subscribers management unit which stores, in the form of a database, the identifiers of the subscribers and their rights, a unit for enciphering EMM messages, a system authorizing subscribers controlled by the subscribers management unit, an MPEG compressor of the audiovisual programs, an ECM messages enciphering unit, a scrambler/multiplexer, at least one decoder associated with a smart card, a communication server, a supervisor linked to the scrambler/multiplexer and a link by satellite, land or by cable between the scrambler/multiplexer and the decoder, characterized in that it comprises a unit for combining EMM message fields and ECM message fields which comprises, for each pay audiovisual program channel, a revocation EMM messages queue and a multiplexer, this unit for combining fields being disposed at the input of the scrambler/multiplexer.
The invention also relates to a smart card, or a decoder, for processing hybrid messages, which comprises means for erasing rights registered in its memory, and decrypting the control words encrypted with the current operating key so as to produce control words.
The invention finally relates to a message transmitted to at least one decoder in a pay television system comprising at least:
an encrypted control word field, a control word being intended to descramble during a given time period an audiovisual signal received by the decoder;
a decoder address field, and
a revocation field for rights allocated to one (or more) decoder (s) addressed by an address in said address field.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 illustrates a coding/decoding system of the prior art operating in the realm of digital television;
Figure 2 shows a diagram of the general architecture of a pay television system; and
Figure 3 is a block diagram of a fields combining unit according to the invention included in a multiplexer of the architecture of figure 2.
DETAILED DESCRIPTION OF PARTICULAR EMBODIMENTS
In the method of the invention, the suppressing of the rights of access to at least one channel conveying temporary descrambled previewing programs is carried out with the aid of messages of a third type, denoted E3M, distinct from the ECM and EMM messages.
These E3M messages transmitted to at least one decoder in the pay television system comprise at least:
an encrypted control word field,
a decoder address field, and
a revocation field for rights allocated to one (or more) decoder(s) addressed by a unique/grouped address in the address field.
Each hybrid message comprises, furthermore, typically an ECM identifier header field different from an EMM identifier header field. Such identifier header fields make it possible to distinguish the ECM and EMM messages on reception.
, The fact of revoking rights of access to a channel conveying temporary descrambled previewing programs in E3M messages each including both a control word and a rights revocation cue limits piracy since the pirate cannot use a "blocker" for fear of no longer having quasi-instantaneous access to the current program, since he thus blocks any access to the control words used for the descrambling of the scrambled audiovisual program.
Specifically, a subscriber accessing, on demand or through an offer, a program with temporary descrambled previewing (or program) at a given instant to and having cancelled it, on explicit request or through default of transaction, at an instant to+At (At possibly being a very short time) so as not to pay for this offer could, previously, use an WEMM blocker" on the subsequent EMM messages to view the requested offer for free (for a maximum timescale of two EMM renewal cycles since typically the portable card stores two operating keys: the current key and the future key).
It is no longer possible to use an WE3M message blocker" since blocking the E3M messages amounts to barring oneself from viewing the programs requested.
The withdrawal of the commercial offers (or termination of subscription) is obtained by means of the E3M messages. Each E3M message results from the combination of certain cues conveyed by ECM messages and of certain cues conveyed by EMM messages, namely that each E3M
message comprises at least one encrypted control word, a decoder address and a rights revocation cue.
As represented in figure 2, an architecture given byway of example of a pay television system comprises a subscribers management unit (SMS) 20 which stores in the form of a database the identifiers of the subscribers and their rights, an EMM messages encryption unit 21 # a subscribers authorization system 22 controlled by the SMS unit 20, an MPEG compressor of the audiovisual programs 23, an ECM message encryption unit 24, a scrambler/multiplexer 25, decoders 26 associated with respective smart cards 27, a communication server 30 linked to the subscribers authorization system 22 and to the decoders 26, a supervisor 31 linked to the scrambler/multiplexer 25, and a link 32 by satellite, land or by cable between the scrambler/multiplexer 25 and the decoders 26. A detailed description of the manner of operation of this type of system is given, for example, in patent application WO98/43430.
As represented in figure 3, the unit for combining EMM message fields and ECM message fields comprises, typically for each pay audiovisual program channel, a revocation EMM queue 40, as well as a multiplexer 41. This unit for combining fields is typically disposed at the input of the scrambler/multiplexer 25 of figure 2.
The synchronization of the ECM messages with the scrambled program is critical and the ECM messages cannot therefore be delayed in the queues.
Typically, for a given channel, as soon as a revocation EMM message is produced, it is stored in the queue 40. As soon as an ECM message is produced (typically at a frequency of the order of a second), a multiplexing is performed so as to combine certain revocation EMM
message and ECM message fields, so as to produce a hybrid E3M message. Such an E3M message, at the output of the multiplexer 41, typically comprises:
an encrypted control word field, emanating from an ECM message,
a decoder address field emanating from a revocation EMM message, and
a revocation field for rights allocated to the decoder or to the set of decoders addressed by an address in said address field, emanating from the same EMM message.
Specifically, the EMM messages may be unique, individual or group messages.
Given the cycle of change of the ECM messages, of between 2 and 10 seconds, it is possible to have one cycle per hour of 300 to 1800 different modifications.
To preclude piracy on the part of a concurrent user who might know the operating keys (piracy that would consist in dispatching correctly signed erasure messages) , this erasure may be carried out via an EMM message, signed by the unique key Q of the subscriber, included in an ECM message (signed and authenticated) using an operating key.
The main constraint of the method of the invention corresponds to the overall size of each ECM message, and also to the duration of processing of the contents of these ECM messages.
However, such a constraint is not inconvenient nowadays. The size of the ECM messages may in fact reach 256 bytes (without using a chaining mode), and the dynamic RAM memories existing in smart cards are amply sufficient.
Moreover, the speed of the processors (CPU) and the use of cryptoprocessors make it possible to obtain an adequate processing time.
To prohibit any system attack originating from a concurrent user, a cryptography of asymmetric type is used: specifically, this user may not then generate EMM or ECM messages accepted by the smart cards of the subscribers if he has not previously broken the asymmetric keys. Elliptic curves or RSA-type algorithms may thus be used: algorithms of the former type have the advantage of taking up less room in memory and of making it possible to have useful contents of messages that are more significant.
It should be noted that, according to the invention, the smart card is able to process three types of messages, namely in conventional manner:
process the EMM messages so as to take account of the modifications of the subscriber rights and of operating key that it stores in its protected memory,
decrypting the encrypted control words of the ECM messages with the current operating key so as to produce control words, and according to the invention:
processing the hybrid E3M messages so as to revoke rights previously allocated by erasure of rights registered in its memory, and decrypting the encrypted control words of the E3M messages with the current operating key so as to produce control words.
Such a function may also be included in whole or in part in the decoder instead of the card.
1. A method of revoking rights of access to an
audiovisual program received by a decoder (11)
of emission of two types of messages to the decoder, first messages (ECM) containing encrypted control words, each control word (CW) being used to descramble during a given time period the audiovisual signal received, second messages (EMM) each comprising user rights allocation cues,
of decryption in the decoder, or a portable object associated therewith, of the first messages so as to produce control words (CW) for the descrambling of said audiovisual signal received by the decoder (11) if the user is authorized to access the cues contained therein,
characterized by the emission of third hybrid messages (E3M) each resulting from the combination of at least one encrypted control word, of a decoder address and of a rights revocation cue.
2. The method as claimed in claim 1, in which, in a hybrid message (E3M) , the control word (CW) is encrypted by a different operating key from the unique key used to encrypt the decoder address and the rights revocation cue.
3. The method as claimed in claim 1, in which an asymmetric cryptography is used.
4. A pay television system comprising a subscribers management unit (20) which stores the identifiers of the subscribers and their rights, a unit for enciphering EMM messages (21), a system authorizing subscribers (22) controlled by the subscribers management unit (20), an MPEG compres sor of the audiovisual programs (23), an ECM messages enciphering
unit (24) , a scrambler/multiplexer (25) , at least one decoder (26) associated with a smart card (27), a communication server (30), a supervisor (31), and a link (32) between the scrambler/multiplexer (25) and the decoders (26), characterized in that it comprises a unit for combining EMM message fields and ECM message fields which comprises, for each pay audiovisual program channel, a revocation EMM messages queue (40) and a multiplexer (41) , this unit for combining fields being disposed at the input of the scrambler/multiplexer (25) .
5. A smart card for processing hybrid messages transmitted as claimed in any one of claims 1 to 3, characterized in that it comprises means for erasing rights registered in its memory, and decrypting the control words encrypted with the current operating key so as to produce control words.
6. A decoder for processing hybrid messages transmitted as claimed in any one of claims 1 to 3, characterized in that it comprises means of erasing rights registered in its memory, and decrypting the control words encrypted with the current operating key so as to produce control words.
7. A message transmitted to at least one decoder in a pay television system comprising at least:
an encrypted control word field, a control word being intended to descramble during a given time period an audiovisual signal received by the decoder;
a decoder address field, and
a revocation field for rights allocated to one (or
more) decoder(s) addressed by an address in said
address field. f\ y
|Indian Patent Application Number||1771/CHENP/2005|
|PG Journal Number||52/2008|
|Date of Filing||02-Aug-2005|
|Name of Patentee||NAGRA THOMSON LICENSING|
|Applicant Address||46 QUAY ALPHONSE LE GALLO - 92100 BOULOGNE BILLANCOURT|
|PCT International Classification Number||H04N 7/16|
|PCT International Application Number||PCT/EP04/50060|
|PCT International Filing date||2004-01-30|